188 matches found
CVE-2024-47210
Gladys Assistant before 4.45.1 allows privilege escalation: a user can change their own role, because req.body.role is accepted by updateMySelf in server/api/controllers/user.controller.js...
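The CVE-2024-47210 entry describes a mass-assignment bug: a "update my own profile" handler copies whatever the client sends, role included, onto the stored user. The following is an added example and not code from Gladys Assistant; the function names, the role names and the record shape are assumptions made for illustration. It shows the vulnerable merge beside an allowlist-based fix.

```javascript
// Added example, not code from Gladys Assistant: a mass-assignment bug of the
// kind described in CVE-2024-47210, beside the fix. Function names, role
// names and the record shape are assumptions made for illustration.

// Fields a user may change on their own profile (assumed list). "role" is
// deliberately absent: it is only changeable through an admin-only endpoint.
const SELF_EDITABLE_FIELDS = ['firstname', 'lastname', 'email', 'language'];

// Vulnerable pattern: the whole request body is merged into the stored user,
// so a request body of { "role": "admin" } promotes the caller.
function updateMySelfVulnerable(currentUser, body) {
  return { ...currentUser, ...body };
}

// Hardened pattern: copy only allowlisted keys. hasOwnProperty is used so
// inherited keys on a crafted object cannot slip through.
function updateMySelfHardened(currentUser, body) {
  const updated = { ...currentUser };
  for (const key of SELF_EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key)) {
      updated[key] = body[key];
    }
  }
  return updated;
}

// Constructed request: a low-privilege user sends their own profile update
// with an extra "role" field.
const currentUser = { id: 7, email: 'alice@example.test', role: 'user' };
const requestBody = { email: 'alice@example.test', role: 'admin' };

console.log(updateMySelfVulnerable(currentUser, requestBody).role); // "admin"
console.log(updateMySelfHardened(currentUser, requestBody).role);   // "user"
```

The allowlist is the control: a denylist that strips only `role` breaks the next time a privileged column (an `isAdmin` flag, a tenant id) is added to the user table. Role changes belong on a separate endpoint that checks the caller's role, not the target's.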
CVE-2024-8465
SQL injection vulnerability through which an attacker can send a specially crafted query via the userid parameter of /jobportal/admin/user/controller.php and retrieve all the information stored in the database...
PT-2024-38956 · Sourcecodester · Sourcecodester Petshop Management System
Vulnerable software and affected versions: SourceCodester Petshop Management System version 1.0. Description: A critical issue was found in the SourceCodester Petshop Management System. It affects code in the file /controllers/add user.php. Manipulation of the avatar...
CVE-2024-41600
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component...
CVE-2024-34995
svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request...
Campcodes Online Job Finder System SQL Injection Vulnerability
Campcodes Online Job Finder System is an online job finder system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Campcodes Online Job Finder System, which stems from the USERID parameter of /admin/user/controller.php being used in a SQL query without sanitization...
CVE-2024-25625
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in pimcore/admin-ui-classic-bundle prior to version 1.3.4. The vulnerability involves a Host Header Injection in the invitationLinkAction function of the UserController,...
Huaxia ERP Authorization Issues Vulnerability
Huaxia ERP is ERP software from Huaxia, China. Huaxia ERP 3.1 and earlier contain an authorization vulnerability in the file src/main/java/com/jsh/erp/controller/UserController.java that can lead to weak password recovery...
CVE-2023-38989
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information...
jeesite security vulnerability
Jeesite is an open source Java EE enterprise-class rapid development platform from the Chinese company Zhuo source software. The platform includes system permission components, data permission components, data dictionary components, core tool components, view...
Codefever security vulnerability
CodeFever is a fully open source Git code hosting service from PGYER Open Source. A security vulnerability exists in CodeFever versions prior to 2023.2.7-commit-b1c2e7f, which stems from a remote code execution (RCE) issue in the component /controllers/api/user.php...
SourceCodester E-Commerce System cross-site scripting vulnerability
Moosikay E-Commerce System is an e-commerce system by the individual developer Arvin Arandilla. A cross-site scripting vulnerability exists in SourceCodester E-Commerce System version 1.0, which stems from a problem in the file admin/user/controller.php?action=edit, where manipulation of the...
CVE-2022-46999
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php...
CVE-2022-4511 RainyGao DocSys path traversal
A vulnerability has been found in RainyGao DocSys and classified as critical. Affected by this vulnerability is an unknown functionality of the component com.DocSystem.controller.UserController#getUserImg. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...
showdoc cross-site request forgery vulnerability
ShowDoc is an open source tool for IT teams to share documents online. ShowDoc is vulnerable to cross-site request forgery, which stems from the cookies set by the software's UserController.class.php lacking effective filtering and restriction; attackers can exploit it to cause...
GHSA-WC73-W5R9-X9PC Cross-site Scripting in XXL-JOB
XXL-JOB 2.2.0 allows Stored XSS in Add User to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java...
CVE-2020-29204
XXL-JOB 2.2.0 allows Stored XSS in Add User to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java...
XXL-JOB cross-site scripting vulnerability
XXL-JOB is a distributed task scheduling platform whose core design goals are rapid development, easy learning, light weight and easy extension. A stored cross-site scripting vulnerability exists in the "Add User" section of XXL-JOB 2.2.0; it can be exploited to bypass the 20-character limit...
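The XXL-JOB entries above (GHSA-WC73-W5R9-X9PC, CVE-2020-29204 and the translated description) all describe the same two missing controls: the 20-character limit on the "Add User" form is enforced only in the browser, and the stored value is later rendered without encoding. The following is an added example, not XXL-JOB code, showing both controls on the server side; the length bounds, the permitted username characters and the render function are assumptions for illustration.

```javascript
// Added example, not XXL-JOB code: server-side enforcement of the 20-character
// username limit together with output encoding, the two controls whose absence
// produces the stored XSS described in CVE-2020-29204. Limits, the username
// charset and the render function are assumptions for illustration.
const MIN_USERNAME_LENGTH = 4;
const MAX_USERNAME_LENGTH = 20;

// Validate on the server: an HTML maxlength attribute in the "Add User" form
// is advisory and is trivially bypassed with a direct request.
function validateUsername(username) {
  if (typeof username !== 'string') return { ok: false, reason: 'not a string' };
  // Count code points, so one emoji counts as one character, not two.
  const length = Array.from(username).length;
  if (length < MIN_USERNAME_LENGTH || length > MAX_USERNAME_LENGTH) {
    return { ok: false, reason: 'length' };
  }
  if (!/^[A-Za-z0-9_.-]+$/.test(username)) return { ok: false, reason: 'charset' };
  return { ok: true };
}

// Encode on output regardless of what validation accepted, so a value that
// reaches the page through another path still cannot break out of its context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// HTML text context only; attribute, URL and script contexts need their own encoders.
function renderUserRow(user) {
  return `<tr><td>${escapeHtml(user.username)}</td><td>${escapeHtml(user.role)}</td></tr>`;
}

// Constructed inputs: a normal name, a payload the form's maxlength would
// have stopped, and a short payload that passes the length check alone.
for (const name of ['alice_01', '<script>alert(1)</script>', '<svg/onload=1>']) {
  console.log(JSON.stringify(name), validateUsername(name));
}
console.log(renderUserRow({ username: '<b>alice</b>', role: 'ADMIN' }));
```

The length check alone would not have prevented the bug: `<svg/onload=1>` is 14 characters. Validation narrows what gets stored; output encoding is what actually prevents script execution, and it has to match the context the value is written into.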